[[Mathias Chauvin]] - IT stuff

This have been a long time that I’m using this, but i sometimes forget about this command

You can edit the mail aliases in:

/etc/aliases

Once edited, you have to run the newaliases tool so that the system takes the new mail aliases into consideration.

root@server:~/# newaliases

The problem with LDAP (I’m using Sun Directory Server DS 5.2) and getspnam is that if the caller lacks the permisison needed to retrieve the encrypted password from the LDAP, the LDAP service returns the string *NP* as the value of the member sp_pwdp in the returned shadow. (cf getspnam manpage about NIS+ service)

Here is a simple C program to test the getspnam function:

#include <pwd.h>
#include <shadow.h>

int main(){
struct spwd *spp = getspnam("localuser");
printf ("login=%s\n", spp->sp_namp);
printf ("enc pwd=%s\n", spp->sp_pwdp);
spp = getspnam("ldapuser");
printf ("login=%s\n", spp->sp_namp);
printf ("enc pwd=%s\n", spp->sp_pwdp);
}

Compile this source code:

root@server:~$ gcc -o test_getspnam test_getspnam.c

Run the test:

root@server:~$ ./test_getspnam
login=localuser
enc pwd=o0XeSWfjr442
login=ldapuser
enc pwd=*NP*

As you can see, the “localuser” encrypted password is returned, whereas the “ldapuser” encrypted password is set to *NP*.

That means that the caller will need access to the userPassword field, which is disabled by default in LDAP for security reasons.

The way to solve this issue and access the password is “easy” : give access to the userPassword field to the caller. That means, either get a proxy user in the ldapclient settings, and give access to the userPassword field to the proxyuser, or allow anonymous to access the userPassword field.

Read more »

This is helpful for the RoundCube installation ;-)

1. Server install

Let’s take your favorite server that is running a Debian/GNU Linux. In the following, the server name is verona.
The following command will install Dovecot IMAP server:

verona:~# apt-get install dovecot-common dovecot-imap

2. Server configuration

In order to authenticate users on the IMAP server, the authentication on verona will be used (pam authentification).
This can be set to LDAP, … (Coming soon ;-)

To set the IMAP server, edit the /etc/dovecot/dovecot.conf file:

Line 21: protocols = imap

The listen option is set to 127.0.0.1 so that the imap server only listens to local request:

Line 40: listen = 127.0.0.1

Line 47: disable_plaintext_auth = no
Line 88: ssl_disable = yes
Line 210: mail_location = mbox:~/mail:inbox=/var/mail/%u

3. Server restart

verona:~# /etc/init.d/dovecot restart

It’s working!! ;-)

This may be useful for some embedded devices using memory cards such as MicroSD, SD, …

mkdosfs -c -F 16 -v /dev/sda1

Here is a little script that has been set up to monitor the free space on /var on a console/log server.

I used perl but this script can also been written in shell.
The root crontab has been modified to run the script every 10 minutes.

2,12,22,32,42,52 * * * * /opt/mytools/bin/monitor_var.pl

The script is using two perl lib (

Mail:Send

and

Filesys:DiskFree

)
Here is the code of the script

#!/usr/bin/perl
#
# Mathias Chauvin
# 03/21/2007
#
# Monitoring free space on a filesystem
#
# Modified 02/20/2008
# Added automatic archiving on USB disk.

use strict;
use Filesys::DiskFree;
use Mail::Send;
use File::Copy;

# Define an object to handle df data
my $handle = new Filesys::DiskFree;
$handle->df();

# Monitoring of /var partition
my $dir = "/var";

# Lower limit for available space
my $lower_limit = 500000000;

# Log directory
my $logdir = "/var/path/to/big/log";

# Directory to check to know whether the USB drive is mounted or not
my $mnt="/mnt/lost+found";

# USB drive mount point
my $store="/mnt";

# USB drive device
my $dev="/dev/pathtousbdisk";


# Email definition (To, From, Subject)
my $mailto='your.mail@your.domain';
my $from='whoever@your.domain';
my $mailsubject="[WARNING] Low Disk Space";
my $mailmessage="Only ".$handle->avail($dir);
$mailmessage.=" bytes available on ".$dir."\n\n";
$mailmessage.='The following files have been moved from ';
$mailmessage.="$logdir".' to '."$store";
$mailmessage.=' (USB drive) on your server.'."\n";


# Test if the lower limit has been reached or not.
# If so, send an email
if ($lower_limit > $handle->avail($dir)) {

  # Checking if the USB drive is mounted.
  # If not, mount it on /mnt
  while ( ! -d "$mnt" ) {
    #print "Mounting $dev on $mnt...\n";
    my @args = ("mount", "-F", "ufs", "$dev", "$store");
    system(@args) == 0
      or die "system @args failed: $?";
  }

  # The USB drive should be mounted.
  # List the files in log dir.
  # Move any archived log files (filename starting by a date)
  # to /mnt
  if ( -d "$mnt" ) {
    opendir(DIR, $logdir);
    my @filenames = grep(/^[2-9][0-9][0-9][0-9]/,readdir(DIR));
    closedir(DIR);

    foreach my $filename (@filenames) {
      move("$logdir/$filename","$store");
      $mailmessage.="\t- $filename\n";
      #print "$filename\n";
    }
  } else {
    $mailmessage.="Mount point $mnt is missing\n";
  }

  $mailmessage.="Regards\n\n--\nyour signature";
  
  # Create the mail object
  my $msg = new Mail::Send;

  # Set the mail parameters
  $msg->to($mailto);
  $msg->subject($mailsubject);

  # Append the message to the mail
  my $fh = $msg->open;

  print $fh $mailmessage;

  # Close and send the message
  $fh->close;

}